CVE-2023-44216
https://notcve.org/view.php?id=CVE-2023-44216
PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. PVRIC (PowerVR Image Compression) en Imagination 2018 y dispositivos GPU posteriores ofrece compresión transparente por software que permite ataques de robo de píxeles de origen cruzado contra feTurbulence y feBlend en la especificación del filtro SVG, también conocido como un problema GPU.zip. Por ejemplo, los atacantes a veces pueden determinar con precisión el texto contenido en una página web de un origen si controlan un recurso de un origen diferente. • https://arstechnica.com/security/2023/09/gpus-from-all-major-suppliers-are-vulnerable-to-new-pixel-stealing-attack https://blog.imaginationtech.com/introducing-pvric4-taking-image-compression-to-the-next-level https://blog.imaginationtech.com/reducing-bandwidth-pvric https://github.com/UT-Security/gpu-zip https://news.ycombinator.com/item?id=37663159 https://www.bleepingcomputer.com/news/security/modern-gpus-vulnerable-to-new-gpuzip-side-channel-attack https://www.hertzbleed.com/gpu.zip https://www.her • CWE-203: Observable Discrepancy •
CVE-2023-31014
https://notcve.org/view.php?id=CVE-2023-31014
NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. NVIDIA GeForce Now para Android contiene una vulnerabilidad en el componente de inicio del juego, donde una aplicación maliciosa en el mismo dispositivo puede procesar la intención implícita destinada al componente de transmisión. Una explotación exitosa de esta vulnerabilidad puede provocar una divulgación limitada de información, denegación de servicio y ejecución de código. • https://nvidia.custhelp.com/app/answers/detail/a_id/5476 • CWE-668: Exposure of Resource to Wrong Sphere CWE-927: Use of Implicit Intent for Sensitive Communication •
CVE-2023-25515
https://notcve.org/view.php?id=CVE-2023-25515
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where unexpected untrusted data is parsed, which may lead to code execution, denial of service, escalation of privileges, data tampering, or information disclosure. • https://https://nvidia.custhelp.com/app/answers/detail/a_id/5468 • CWE-822: Untrusted Pointer Dereference •
CVE-2023-0199
https://notcve.org/view.php?id=CVE-2023-0199
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 https://security.gentoo.org/glsa/202310-02 • CWE-787: Out-of-bounds Write •
CVE-2023-0190
https://notcve.org/view.php?id=CVE-2023-0190
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. • https://nvidia.custhelp.com/app/answers/detail/a_id/5452 https://security.gentoo.org/glsa/202310-02 • CWE-476: NULL Pointer Dereference •